# Block common attack patterns at Nginx level
map $request_uri $block_attack {
    default 0;
    ~*(\.env|\.git|\.svn|\.htpasswd|wp-config\.php|xmlrpc\.php|eval-stdin\.php|phpunit|setup-config\.php|install\.php|upgrade\.php|shell\.php|c99\.php|r57\.php|b374k|webshell) 1;
    ~*(%2e%2e|%00|%0a|%0d|base64_decode|system\(|passthru|shell_exec|exec\(|phpinfo) 1;
    ~*(union.*select|select.*from|insert.*into|drop.*table|information_schema) 1;
}

# Block empty user agents
map $http_user_agent $block_ua {
    default 0;
    ""      1;
    ~*sqlmap 1;
    ~*nikto  1;
    ~*nmap   1;
    ~*masscan 1;
    ~*zgrab  1;
    ~*WPScan 1;
    ~*nuclei 1;
    ~*dirbuster 1;
    ~*gobuster 1;
    ~*wfuzz  1;
}
